PCI security standards: what you need to know
The Payment Card Industry Data Security Standard (PCI DSS) is a carefully constructed set of guidelines defined by the Payment Card Industry Security Standards Council to help prevent fraud. Adherence is mandatory for all organizations that handle cardholder information. A company should be proud of its PCI compliance, as it shows that the company is committed to its customers and partners. In addition, intelligent consumers know to avoid companies that don’t offer easily accessible proof of their adherence.

The original PCI DSS was released in December 2004, when five credit card companies (Visa, MasterCard, American Express, Discover, and JCB) pooled their security program resources. This collaboration resulted in a single standard that could be applied to all card brands. Updates to version 1.0 have been issued over the years, with version 1.2 released in 2009. This version clarified the compliance standard into 12 requirements, grouped under 6 control objectives. The objectives and requirements are summarized below:

Objective 1: Build and maintain a secure network
- Use a firewall
- Do not use default passwords
Objective 2: Protect cardholder data
- Protect stored cardholder data
- Encrypt data transmission
Objective 3: Maintain a vulnerability management program
- Use updated anti-virus software
- Maintain secure systems
Objective 4: Implement strong access control measures
- Restrict access
- Assign a unique ID to each person with access
- Limit physical access
Objective 5: Regularly monitor and test networks
- Monitor all access
- Test systems regularly
Objective 6: Maintain an information security policy
- Have a clearly defined security policy
In 2009 the PCI Security Standards Council issued a special set of guidelines for wireless local area networks. These guidelines recommended a Wireless Intrusion Prevention System (WIPS) as the method for automating wireless security processes. A WIPS detects and blocks rogue or outside devices before they can join the network, so its value in preventing the theft of cardholder data is obvious.

The long-awaited version 2.0 of the PCI DSS was issued on October 26, 2010. The deadline for compliance is January 1, 2011. The new version doesn’t make any major changes to the requirements, but it resolves some of the ambiguities in the earlier version. Customers or businesses with questions about the changes can get guidance at www.pcisecuritystandards.org, where they’ll also find webinars and an entertaining music video that counts down the requirements.